CVE-2024-8644

Cleartext Storage of Sensitive Information in a Cookie vulnerability in Oceanic Software ValeApp allows Protocol Manipulation, : JSON Hijacking (aka JavaScript Hijacking).This issue affects ValeApp: before v2.0.0.
References
Link Resource
https://www.usom.gov.tr/bildirim/tr-24-1562 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:oceanicsoft:valeapp:*:*:*:*:*:*:*:*

History

04 Oct 2024, 17:14

Type Values Removed Values Added
CPE cpe:2.3:a:oceanicsoft:valeapp:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
CWE CWE-312
References () https://www.usom.gov.tr/bildirim/tr-24-1562 - () https://www.usom.gov.tr/bildirim/tr-24-1562 - Third Party Advisory
First Time Oceanicsoft valeapp
Oceanicsoft

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de almacenamiento de información confidencial en texto plano en una cookie en Oceanic Software ValeApp permite la manipulación de protocolos: secuestro de JSON (también conocido como secuestro de JavaScript). Este problema afecta a ValeApp: antes de v2.0.0.

27 Sep 2024, 12:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-27 12:15

Updated : 2024-10-04 17:14


NVD link : CVE-2024-8644

Mitre link : CVE-2024-8644

CVE.ORG link : CVE-2024-8644


JSON object : View

Products Affected

oceanicsoft

  • valeapp
CWE
CWE-312

Cleartext Storage of Sensitive Information

CWE-315

Cleartext Storage of Sensitive Information in a Cookie